我对我的网络服务进行了AJAX POST,它在响应中设置了2个cookie,但Chrome没有设置它们。然而,Safari和Firefox确实如此。
这是请求:
POST /api/login HTTP/1.1
Host: 0.0.0.0:8080
Connection: keep-alive
Content-Length: 50
accept: application/json
Origin: http://0.0.0.0:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36
content-type: application/json
Referer: http://0.0.0.0:8080/form
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8,nl;q=0.6,de;q=0.4,fr;q=0.2,pl;q=0.2
响应:
HTTP/1.1 200 OK
X-Powered-By: Express
Vary: X-HTTP-Method-Override, Accept-Encoding
x-frame-options: sameorigin
set-cookie: keystone.uid=s%3A55efe88923f753865f7a0985%3Ac5aT64aih9lxXi%2BNiSMr1rUJW4kzWyyNUforvUOrckk.JovuV%2FqeoQ32PiuyNPAZ7JcbIxXBcBvj%2FWFp8vf3SQQ; Path=/; HttpOnly
set-cookie: keystone.sid=s%3ADcv5el-TjLRkOSH9vNbvxQoOai-SQj-3.ZTfPFwEZp5mdVHSDZTukO%2FnrDnSpGU3OMW3tQu%2FSz7U; Path=/; HttpOnly
Content-Type: application/json; charset=utf-8
Content-Length: 224
ETag: W/"e0-B6OeRPdDEP0WPVdlZHqarA"
Date: Fri, 06 Nov 2015 14:39:37 GMT
Connection: keep-alive
我没有想法。这不适用于端口80上的完全限定域名。
答案 0 :(得分:2)
找到解决方案:
您已使用凭据(XMLHttpRequest.withCredentials或例如credentials: 'include'发送whatwg fetch)请求。
即使这是没有意义的,因为您正在登录并且没有任何/具有无效的Cookie,这会使Chrome存储来自返回答案的Cookie。 ¯\ _(ツ)_ /¯
正如@Anne所指出的,XMLHTTPRequest规范实际上要求用户代理忽略返回的cookie,除非指定withCredentials。 http://www.w3.org/TR/XMLHttpRequest/#the-withcredentials-attribute